Essential safety vulnerabilities uncovered in DrayTek Vigor routers: Uncover how you can defend your community from these severe flaws. Be taught in regards to the dangers, affected units, and how you can patch your router instantly. Safe your community now!
Censys analysis has revealed 14 vulnerabilities in DrayTek Vigor routers, with British Telecoms being some of the weak hosts adopted by hosts in Vietnam, The Netherlands, and Taiwan.Â
Companies and residential customers worldwide generally use routers. Subsequently, these flaws pose a big threat, permitting attackers to probably take management of your community units and launch additional assaults. The vulnerabilities have been publicly disclosed on 2 October 2024, whereas the customers most impacted by the vulnerabilities embrace the next:
- Taiwan
- Vietnam
- Germany
- Netherlands
- United Kingdom
What are the vulnerabilities?
Fourteen vulnerabilities have been found, starting from essential to medium severity. Probably the most regarding ones are:
- CVE-2024-41592 (CVSS Rating: 10.0): This essential buffer overflow vulnerability within the internet interface could be exploited to crash the router (Denial-of-Service) and even acquire full management (Distant Code Execution) if chained with CVE-2024-41585. This buffer overflow could be triggered by sending a protracted question string to CGI pages.
- CVE-2024-41585 (CVSS Rating: 9.1): This vulnerability is an OC command injection flaw, which permits attackers to inject malicious code into the router’s working system, probably granting full entry to the gadget. The exploit chain impacts Vigor router fashions 3910 and 3912.
Excessive-Severity Vulnerabilities:
- CVE-2024-41586: A cross-site scripting (XSS) vulnerability within the router’s internet interface might enable an attacker to inject malicious code into internet pages visited by customers, probably resulting in unauthorized entry or knowledge theft.
- CVE-2024-41587: One other XSS vulnerability within the internet interface might be exploited to steal delicate info from customers, akin to login credentials.
- CVE-2024-41588: A distant code execution vulnerability within the router’s Telnet service might enable an attacker to realize unauthorized entry to the gadget and execute arbitrary instructions.
Why is that this an enormous deal?
In accordance with Censys’ report shared with Hackread.com, over 700,000 (i-e 751,801) DrayTek Vigor routers are at present uncovered on to the web, making them straightforward targets for attackers. The VigorConnect admin UI is uncovered on 421,476 units. The biggest concentrations of those interfaces come from nationwide ISPs and regional telecom suppliers, and Taiwan-based HINET is main the listing, as DrayTek is a Taiwanese firm.
Exploiting these vulnerabilities can result in a domino impact, permitting attackers to compromise your complete community. Furthermore, DrayTek routers have been focused up to now, with the FBI reporting (PDF) Chinese language-sponsored botnet exercise utilizing older CVEs in DrayTek routers and Volt Storm exploiting SOHO networking gear to hold out assaults final 12 months, making patching a necessity.
DrayTek has launched patches for all of those vulnerabilities. You will need to replace your router’s firmware to the most recent model to guard your self from these threats. Moreover, it is strongly recommended to comply with the safety greatest practices, akin to disabling distant entry to the router’s internet interface and enabling two-factor authentication (2FA), to remain protected.
RELATED TOPICS
- TheMoon Malware Returns: 6K Asus Routers Hacked in 72 Hours
- ASUS and NordVPN Companion to Combine VPN Service into Routers
- New DDoS Botnet ‘Condi’ Targets Weak TP-Hyperlink AX21 Routers
- FBI Alert: Russian Hackers Goal Ubiquiti Routers for Botnet Creation
- NETGEAR Router Vulnerability Allowed Entry to Restricted Providers
